Ever since the Internet was in its infancy, spam emails started flowing. Even folks on Usenet had to deal with the incessant emails from folks trying to peddle everything from pyramid schemes to instant money programs. As the Internet grew, so has the plague that we know as spam. Luckily, you now have a number of tools you can use to bust email scams.

Recognizing an Email Scam

People are constantly receiving emails for things like male enhancement products (what’s that all about anyway?) or for hotel and travel deals and other offers, but the really nasty emails are the ones you get that try to trick you into parting with your money. A few examples of the most common scams include:

The Nigerian email scams

The PayPal Scams

Foreign Money Transfer scam

Check out my webcam scam

Pyramid Chain Letters

In almost every case, the email comes from a con artist who’s intent on taking you for as much as they can. In the case of the Nigerian scam, folks have actually traveled overseas to collect what they believe are multi-million dollar cheques, only to either get kidnapped or robbed. The Paypal scams fool countless Internet users every year into entering their Paypal logon information and emptying their accounts.

The other scams are all similar – a promise of a large electronic transfer into your bank account if you provide your bank account details, links to websites that install a trojan keyboard logger script that can capture your credit card information when you visit your online bank account. According to a 2009 survey by the Consumer Federation of America, about 2 percent of email users exposed to “fake check” scams actually responded to them with a loss totally about $3000 to $4000 each.

Protecting Yourself From Email Scammers

The first step in protecting yourself from these con artists is by using your email account in a way that doesn’t put you at risk. If a company that you do business with sends you an email that offers a link where you can click to log into their account – don’t click it! Open up a separate browser, type in the URL, and log in. There’s never a need to click on any link in an email. One of the fastest ways to identify such a scam email is by using an email client that displays the link when you hover your mouse over it. You’ll see that in every case the actual link is never the same as the legitimate company’s website.

In most cases, spammers try pretty hard to hide their identity using various methods, including “spoofing” the header with bogus information, using proxy servers to hide their location of origin, or using hijacked “spam-bot” home or business computers or misconfigured SMTP servers. However, there are times when the sender won’t be very smart, they’ll mess up or best of all they may not even properly cloak their IP at all.

Even if you can’t extract their originating IP and location, you may still be able to determine:

Which infected computer is serving as the spam-bot

Which mis-configured company smtp server is hijacked

Which internet service provider is allowing the spammer to send out unsolicited mass emails

Which proxy server (or servers) were used to attempt a “cloaked” identity

Whether an anonymous email service was used to send the illegal scam message

You can also find some great resources for tracing emails and locating the spammers at Spam.Abuse.net. And of course make sure to support the Coalition Against Unsolicited Commercial Email (CAUCE) which works to promote legislation against unsolicited spam. Since 2000, more and more states have created some excellent laws – and the more legislation there is moving forward, the more successful you’ll be in the next stage of this process, which I like to call… Fighting Back.

Fighting Back – How to Report Email Scams

Finally, depending on what information you can extract from the header, you can follow the steps below to shut down the scammers one spam-bot or SMTP server at a time, and in some cases you can even earn some extra money taking the scammers to court. Don’t believe it? Steve, over at AngryOx.com, successfully sued a company for spam.

On April 7 of this year, he collected a check from PrintPal for $623.54. Why did they have to pay? Because they willingly used a spammer to send unsolicited email, against the current laws of the state of Virginia. Businesses beware – users no longer have to try to chase down that elusive shadowy scammer through forged headers and proxies. If your company is advertised, then you’re busted. So don’t purchase the service of spammers or you’ll end up in court!

Steve even offers a free template for a settlement letter that you can use when you file your small claims lawsuit against the spammer. Just search the spam email for any links to purchase a product or that advertises a legitimate site. That’s the company you should go after if you choose this tactic in your war against spam. In the case of the scams, it’s a different story. However, the laws are still on your side.

A Forged Header: Even if the spammer tried to forge the header, uses a proxy or uses an anonymous email service – once you have a court proceeding, you can issue each of those entities legal documents that require them (in most cases) to open up their logfiles and provide the court with the identity of the spammer who used their service or server. Also check out JunkBusters technique of issuing “Notification and Offer” letters to spammers in order to force a lawsuit if the spammer doesn’t comply with a request for payment for every unsolicited message sent to your email account.

If it’s a pyramid money scheme or “deceptive,” as in attempting to steal your money in some manner – report it to the FTC in addition to filing your own lawsuit. They’ve been known to go after major spammers, and your report could make a big difference in alerting them to a significant scamming operation.

To find out if you have the right to sue spammers (and make quite a bit of money in the process), check out SpamLaws.com for the laws in your state that limit spam. Many of these are from 2003 or later, so you may have legal rights regarding spam that you don’t even realize. Suing the spammers, or the businesses that hire them is one of the most effective ways to put an end to this madness once and for all.

Have you ever successfully tracked down a spammer? What tools or techniques did you use? Share them with us in the comments.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

john from iowa

August 16, 2009 at 2:50 am

Oh, I've seen them all. I'm like a magnet for these things, yet when I talk to some other people, they say that they've never heard of them, yet they claim to use email all the time. WTF? How can this be? I've never responded to any of this balderdash yet I keep getting nuked, mortered, and dumb-bombed daily without any warning. What am I doing wrong? And yeah, like I have time to label every one "spam". sure. You ougtta see my REAL spem folder. it has over 74,000 unread messages. And I don't even bite on the "get a free laptop if you spend the equivelent of 12 new lap-tops crap". What's going on? Why me? All I use me email for is to contact my family and THAT'S IT. Yet to find those messages I have to sort through BILLIONS OF UNWANTED JUNK. Then my family wants to know why I misses their email. Well of course I missed it, sorting through 8 trillion other messages. Lord almighty. -john in iowa

FROM DESK OF JOHN FREEMANâ€
From: JOHN FREEMAN (john@imff.info)
Medium riskYou may not know this sender.Mark as safe|Mark as junk
Sent: Sunday, 16 August 2009 2:40:11 AM
To:

FROM DESK OF JOHN FREEMAN
DIRECTOR OF INTERNATIONAL MONETARY FUND
REGIONAL OFFICE FOR INTERNATIONAL MONETARY FUND
142-146 STOKE NEWINGTON HIGH STREET
LONDON UNITED KINGDOM

Good Day

RE-OUTSTANDING PAYMENT

This is to inform you of your Long overdue Payment outstanding our Banking records . I saw your name in the Central Computer among list of unpaid inheritance claims individuals and have to update your informations through this email contact for immediate confirmation .

Your name appeared among the beneficiaries who will receive a part-payment of US$40,000,000.00 million (Fourty million United State dollars) and it has been approved already for payment months ago. However we received an email from one John Brown who told us thathe is your next of kin and that you died in a car accident last four months back .

He has also submitted his account informations to the office department for transfer of the fund to him as your inheritor. We are now verifying by contacting your email address as we have in our Bank recordsbefore we can make the transfer into his account and for us to conclude confirmation ifyou are dead or not. Please , confirmresponse immediately before our action release of the outstanding payment against your name listed out .

Upon this, i request you send your full personal information as soon as possible to enable this department finalize the transfer of the fund release to your nominated foreign Bank Account. This department needs the following informations from you urgently.

1.Full Names ..........

2.Telephone Or Fax Number..........

3.Contact Address..........

4.Age..........

5.Occupation..........

6.Sex..........

CONFIDENTIALITY NOTICE: This E-Mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged,confidential and exempt from disclosure under applicable law. Once again, I apologize to you on behalf of International Monetary fund Agency towards this contact and proper confirmation required urgently from you if alive.

Thanks,
Yours Sincerly

DIRECTOR OF INTERNATIONAL MONETARY FUND
REGIONAL OFFICE FOR INTERNATIONAL MONETARY FUND
+447024018649

Nothing, but nothing beats plain simple common sense.
You don't even have to bother looking at email headers. Spam is refered to as 'Unsolicited commercial mail'- stress being on 'unsolicited'.
Remember the following rules:
1)If you bank or Paypal have to contact you- they will refer to you by name or account. They already have your details, constructing a mail with the name of each customer is trivial. A scammer will obviously not know your actual name since he is sending the same piece of crap to a zillion people.

2) No company you deal with EVER has any need to ask for your password via email for any reason whatsoever. They OWN the servers that you logon to, if they need to perform any maintenance or upgrade they can quite well do so without asking you to click on some shady link.
3) (Basic human nature) If something sounds too good to be true, REST ASSURED THAT IT IS.
4) Legitimate and well known companies don't need chain letters to pass on information about their services, they would issue a press release on their website. This is for those inbred morons who still continue to forward 'Bill gates will pay you/Ericson will give free phones/Some syphilitic kid can be saved- if you only forward this mail to others' type of mails.

Ryan has a BSc degree in Electrical Engineering. He's worked 13 years in automation engineering, 5 years in IT, and now is an Apps Engineer. A former Managing Editor of MakeUseOf, he's spoken at national conferences on Data Visualization and has been featured on national TV and radio.